Breaking the YASS Algorithm via Pixel and DCT ... - Semantic Scholar
Breaking the YASS Algorithm via Pixel and DCT Coefficients Analysis Xiaoyi Yu and Noboru Babaguchi Graduate School of Engineering, Osaka University
Abstract In this paper, we present a steganalytic method that can reliably detect messages hidden in JPEG images using the steganographic algorithm YASS, which is a JPEG steganographic method shown to be undetectable using current best blind steganalysis classifiers. The key element of the method is features extracted from the image’s pixels and DCT coefficients. Although the YASS process effectively disables the calibration based and the noise model based JPEG steganalyzers, it also disturbs the pixels and DCT coefficients dependency after the secret message embedding. An SVM based classifier is trained based on the extracted features for the detection of the presence of steganography. The method is tested on a diverse set of test images that include both originally uncompressed and compressed images in the TIF and JPEG formats. Our experimental results have demonstrated that the proposed steganalyzers can reliably break YASS∗.
1. Introduction Steganography aims to hide the very presence of communication. That is to say, the essential goal of steganography is to conceal the presence of a hidden message. Similar to cryptanalysis, steganalysis attempts to defeat the goal of steganography. There are many techniques for stegaography. JPEG images are widely used in the internet and digital image processing area, and therefore they are an ideal target format for steganography. Jsteg [1] is probably the first steganographic tool to embed into JPEG images. In Jsteg embedding, the least significant bit of each selected quantised coefficients that describe the image data in the frequency domain is ∗
This work was supported in part by SCOPE from Ministry of Internal Affairs and Communications, Japan
978-1-4244-2175-6/08/$25.00 ©2008 IEEE
replaced by a bit from the secret message. This simple method can be reliably detected [6] and even the secret message length can be estimated [7]. F5 [2] is proposed to prevent this kind of attack, which adapts the least significant bits to the message by decreasing the coefficients’ absolute values. OutGuess [3] also replaces the least significant bits, but additionally introduces correction bits to preserve the first order statistics. Both OutGuess and F5 are not vulnerable to the Chi-square attack [6] and histogram related attack [7], but they can be detected by computing calibrated statistics. Uncompressing a JPEG image and recompressing it after a slight transformation in the spatial domain accomplishes this. A comparison of marginal statistics of the examined image and the recompressed image, reveals the existence of a hidden message [8, 9]. Model-based steganography [4] tries to preserve histograms of individual AC DCT (Discrete Cosine Transform) models. However it is hard to find an accurate statistical model to fit the DCT histograms. In [4], the Cauchy distribute is used to model the DCT histograms. Although the model fits well to histograms, there are outlier bins in natural images. After embedding, these non-conforming bins are adjusted to the density function of the model distribution [10], which is utilized for the detection of model based steganography. The above mentioned steganalysis methods are all specific attacks, which are constructed for particular embedding functions. There also exist blind attacks [11-13], which do not assume knowledge about the functionality of particular algorithms. Blind methods extract statistical features, which might be subject to changes due to embedding. Then, a classifier is trained to distinguish between the cover and stego-images. Most existing steganographic methods are designed for specific attacks. YASS (Yet another steganographic scheme) is the newest JPEG steganographic method [5]. It has been shown that the embedded data by
YASS is undetectable using current best blind steganalysis classifiers with payload of approximately 0.05 bits per non-zero DCT coefficient. This paper presents a steganalysis method of YASS. In the next section, we give a description of the YASS algorithm as introduced in [5]. Then, in Sect. 3, we describe an attack on YASS, and give an example of experimental results in Sect. 4. The paper is concluded in Sect. 5, where we also outline our future research.
2. The YASS algorithm YASS is proposed to resist blind steganalysis. It has drawn extensive attention in the field of steganography and steganalysis. The main steps of YASS are shown as follows. (1) Divide the image (originally raw or compressed images) into blocks of size B × B, where B, which is called big block size, is always greater than 8, the size of a JPEG block. (2) For each block, pseudorandomly select an 8×8 sub-block in which to hide data. For every 8×8 block thus chosen, compute its 2D DCT and divide it by a JPEG quantization matrix at a design quality factor QFa. Then data is hidden in a predetermined band of low frequency AC coefficients using quantization index modulation. (3) After data embedding, de-quantize the 8×8 DCT coefficient block which contains the hidden secret message by a multiplication of the design quality factor QFh and perform the inverse 2D DCT on it. The obtained 8×8 block with secret information is placed to its original place of the original image. (4) Steps 2 and 3 are repeated until all the secret messages are hidden. Then the processed image is compressed with an advertised image quality factor QFh, which is usually no less than QFa. A JPEG stego image is obtained at last. According to [5], it is reported that the detection rates of recent blind steganalysis methods are close to random guessing. The steganalysis methods tested in [5] can be classified into 2 groups: calibration based methods [11] and noise model based methods [12, 13]. For calibration based methods, through embedding data in the randomized 8×8 blocks which do not coincide with the 8×8 grid used in JPEG compression, YASS effectively resist the detection of these methods. The superior performance has been reported in [5]. For noise model based methods, the embedding process is modeled as the addition of noise in spatial domain [13] or DCT domain [12]. The process of YASS might modify the distribution of the JPEG coefficients, which can be modeled as noise addition process, but the subsequent JPEG compression at output quality factor
masks those changes. This is the reason why several current steganalysis methods [12,13] cannot detect the presence of embedded data using YASS. In the next section, we describe an attack on YASS. It is based on the idea that YASS disturbs the pixels and DCT coefficients dependency. We can construct features of this kind of dependency and train a classifier to detect the presence of hidden message.
3. Description of the attack We divided our attack on YASS into two separate parts: (1) Extracting distinguishing statistical features that correlate with the pixels and DCT coefficients dependency, and (2) Training a classifier to discriminate the stego-images from cover images. We first discuss feature extraction. The effect of step (2) and (3) of YASS embedding process is very similar to the effect of low pass filtering. Because only parts of the image blocks are utilized for data hiding, we call them the partial filtering processing. The step (4) is similar to that the whole image is applied to low pass filtering. So we call the step (4) full filtering processing. For stego-images, one round partial filtering processing and one (for originally raw images) or two rounds (for originally JPEG compressed images) full filtering processing have been applied to them. For cover images, only one round full filtering processing has been applied. The value of a pixel in stego-images, which is originally stored in uncompressed format, maybe changes once or twice after data hiding, while for original images, all pixels are filtered once. So the change model of a pixel value (or coefficient) is quite different between the stego-images and cover images. From the above analysis, we can find that it is not difficult to find quantities that changes with YASS embedding process. What is difficult, however, is finding the measurement of the changes to discriminate the stego-image from the cover image. In [16], the Markov feature set is used to model the differences between absolute values of neighboring DCT coefficients. The feature calculation starts by forming the matrix of absolute values of DCT coefficients in the image. Next, four difference arrays are calculated along four directions: horizontal, vertical, diagonal, and minor diagonal. From these difference arrays, four transition probability matrices are constructed. We also construct features based on differences. The differences are not only differences of DCT coefficients but also decompressed pixel values. We first define the difference image and difference coefficients as follows. I Dρ,θ (i, j ) = I (i, j ) − I (i + ρ cosθ , j + ρ sinθ ) (1)
DρC,θ (i, j) = C(i, j) − C(i + ρ cosθ , j + ρ sinθ ) (2) where
I C D ρ,θ is difference image, D ρ ,θ is difference
coefficients
ρ is
the distance between the neighbors,
θ is the direction, I(i, j) and C(i, j) denotes the gray scale value and the DCT coefficient of the image I at the position (i, j) respectively. We choose the following values for parameters ρ and θ in our experiments. Table1. Parameters ρ and θ 1 1 ρ θ ρ
0
θ
-1
2 π /4
5
2 -π / 4
5 -1
5 -1
-π / 2
5 -1
tan 5 -tan 5 tan 1/5 - tan 1/5 Based on these parameters, we can construct 16 difference arrays (8 for difference image, 8 for difference coefficients). From these difference arrays, 16 transition probability matrices can be obtained: I I M ρI ′,θ ′ (i, j ) = P{D ρ,θ (i, j ) = n | D ρ,θ (i ′, j ′) = m} (3) C C M ρC′,θ ′ (i, j ) = P{D ρ,θ (i, j ) = n | D ρ,θ (i ′, j ′) = m} (4)
M ρ ′,θ ′ is the transition probability matrix, i′ = i + ρ ′ cosθ ′, j′ = j + ρ ′ sin θ ′ and parameters ρ ′ and θ ′ take the values in Table 1.
where
Values in the difference arrays
D ρ,θ larger than 4
are set to 4 and values smaller than −4 are set to −4 prior to calculating M ρ ′,θ ′ . Thus, all matrices have the same dimensions 9 × 9. We used the average
M (i, j) =
(∑
ρ ′,θ ′
)
M ρ ′,θ ′ (i, j ) / 8
(5)
as discriminate features, so the number of features is 81 for difference image and 81 for difference coefficients. Because the YASS hides secret message randomly in chosen places, the inter-block dependencies of 8×8 blocks between DCT coefficients will also be disturbed. We construct another set of features to reflect the disturbance. We use the same values of θ , and 8 times of the value ρ shown in Table 1. Thus we get another set of features with dimension 81. Totally the dimension of features is 243. For the training of a classifier, in our work, we adopt the support vector machine (SVM) as the
classifier and the code is obtained from LibSVM [17]. The second order polynomial kernel is used.
4. Experimental Results Experimental results are given in this section to demonstrate the performance of our proposed method. At present, our image database comprises 2 sets. Set I: 1338 Uncompressed Images. This set is downloaded from UCID [14]. All the images in UCID are high resolution uncompressed digital TIFF files with the size 512×384 or 384×512. To preserve the original statistical structure, we use 3 colour components as 3 different gray level images directly. Totally we have 4014 images. Set II: 806 JPEG Images. This set is downloaded from Content-Based Image Retrieval Image Datbase [15]. All the images in this database are JPEG files with the all kinds of file sizes and from many sources. We also treat 3 colors channel as 3 different images. Totally we have 2418 images. In order to verify the proposed method, three classifiers are trained. The first one is trained based on uncompressed images (Set I). The second one is on compressed images (Set II), and the last is on the mixed images (Set I and Set II). In our experiments, the YASS code is originally downloaded from [5], but now maybe not available. The big blocks with the size 9, 10, 12, 14 are tested in our experiments and denoted by B9, B10, B12 and B14, respectively. The 19 lowest frequency DCT coefficients are used for data hiding. In the process of training each classifier, we randomly select half of images from the corresponding set. The remaining images are used to test the trained classifier. The results are shown in Table 2, where TN, TP represent the true negative rate and true positive rate, respectively, and AV the accuracy rate. It is observed from Table 2 that all of these 3 classifiers can reliably detect the presence of data hiding using YASS. From the detection results, we can draw some conclusions: 1). if the stego-imaeg is originally stored in the compressed form, it is much easier to be detected. The reason, which we think, is the double compression effect of the stego-image; 2). The detection rate increases as the big-block size B increases, but will decrease after B=10; 3). For the mixed image set, the detection accuracy is not high, but is better than random guessing.
B9
B10
B12
B14
Table 2. Detection results for different image sets, when the big-block size B is varied Uncompressed Images Compressed Images Mixed Images QFh/ QFa TN TP AV TN TP AV TN TP AV 50/50 81.35 72.19 76.77 83.47 80.95 82.21 73.25 69.57 71.41 50/75 93.04 95.88 94.46 94.74 96.79 95.77 81.17 79.52 80.35 75/75 71.53 72.62 72.08 73.41 75.37 74.39 62.48 61.58 62.03 50/50 78.48 82.67 80.58 80.37 83.17 81.77 67.36 73.73 70.55 50/75 95.79 96.83 96.31 96.27 97.97 97.12 81.92 85.27 83.60 75/75 76.09 77.51 76.80 77.51 79.85 78.68 66.84 67.33 67.09 50/50 69.15 73.58 71.37 71.45 76.68 74.07 57.46 62.44 59.95 50/75 89.19 92.93 91.06 91.36 94.06 92.71 80.01 79.97 79.99 75/75 63.43 64.58 64.01 65.13 66.79 65.96 57.29 53.47 55.38 50/50 63.15 62.76 62.96 63.15 62.76 62.96 52.81 53.83 53.32 50/75 78.29 81.45 79.87 77.43 83.28 80.36 67.22 69.93 68.58 75/75 61.82 59.17 60.5 59.67 58.82 59.25 51.44 50.04 50.74
5. Conclusions We have proposed a steganalysis method for YASS. Our method is based on difference image and difference coefficients. The transition probability matrix is utilized to extract features from difference image and difference coefficients arrays. Experimental results show it a reliable way to characterize the presence of YASS steganography statistically. Our work in the near future is to try to extract more features from difference image and difference coefficients arrays to improve performance further and perform more comprehensive tests to YASS and other steganographic methods.
References [1] http://zooid.org/~paul/crypto/jsteg/ [2] A. Westfeld. High capacity despite better steganalysis (F5-a steganographic algorithm). Information Hiding, 4th International Workshop, volume 2137 of Lecture Notes in Computer Science, pages 289-302, 2001. [3] N. Provos, Defending against statistical steganalysis, 10th USENIX Security Symposium, Washington DC, USA, 2001. [4] P. Sallee. Model based methods for steganography and steganalysis. Int. J. Image Graphics, 5(1): 167-190, 2005. [5] K. Solanki, A. Sarkar, and B. S. Manjunath, YASS: Yet another steganographic scheme that resists blind steganalysis. In Proceedings of 9th Information Hiding Workshop, Saint Malo, France, June 11-13, 2007 [6] A. Westfeld, A.Pfitzmann, Attacks on Steganographic Systems. In: Pfitzmann, A. (ed.): Information Hiding. Third InternationalWorkshop, LNCS 1768, SpringerVerlag, Berlin Heidelberg, pages 61–76, 2000 [7] X. Yu, Y. Wang, and T. Tan. On estimation of secret message length in JSteg-like steganography. In
Proceedings ICPR, Cambridge, UK, volume 4, pages 673–676, August 23–26, 2004. [8] J. Fridrich, M. Goljan, D. Hogea, Attacking the OutGuess. Proceedings of the ACM Workshop on Multimedia and Security, 2002 [9] J. Fridrich, M. Goljan, D. Hogea, Steganalysis of JPEG Images: Breaking the F5 Algorithm. In: Petitcolas, F.A.P. (ed.): Information Hiding. Fifth International Workshop, LNCS 2578, Springer-Verlag, pages 310–323, 2003 [10] R. Bohme and A. Westfeld, Breaking Cauchy modelbased JPEG. steganography with first order statistics”, ESORICS 2004, LNCS 3193,. pages 125-140, 2004 [11]T. Pevny, J. Fridrich, Merging Markov and DCT features for multi-class JPEG steganalysis. In: Proc. of SPIE, San Jose, CA, 2007 [12]C. Chen, Y.Q. Shi, W. Chen, G. Xuan, Statistical moments based universal steganalysis using JPEG-2D array and 2-D characteristic function. In: Proc. ICIP, Atlanta, GA, USA pages 105–108, 2006 [13]G. Xuan, Y.Q. Shi, J. Gao, D. Zou, C. Yang, C. Yang, Z. Zhang, P. Chai, C. Chen,, W. Chen, Steganalysis based on multiple features formed by statistical moments of wavelet characteristic functions. In: Lecture notes in computer science:7th International Workshop on Information Hiding, 2005 [14] UCID - Uncompressed Colour Image Database, http:// vision .cs. aston. ac.uk /datasets/UCID/ucid.html [15] Content-Based Image Retrieval Image Datbase, http:// www. cs. washington. edu/ research/ imagedatabase /groundtruth/_tars. for. download/ [16] Y. Q. Shi, C. Chen, and W. Chen. A Markov process based approach to effective attacking JPEGsteganography. In Proceedings of the 8-th Information Hiding Workshop, 2006. [17]C. –C. Chang and C. –J. Lin, LIBSVM: a library for supportvector machines, 2001
Abstract In this paper, we present a steganalytic method that can reliably detect messages hidden in JPEG images using the steganographic algorithm YASS, which is a JPEG steganographic method shown to be undetectable using current best blind steganalysis classifiers. The key element of the method is features extracted from the image’s pixels and DCT coefficients. Although the YASS process effectively disables the calibration based and the noise model based JPEG steganalyzers, it also disturbs the pixels and DCT coefficients dependency after the secret message embedding. An SVM based classifier is trained based on the extracted features for the detection of the presence of steganography. The method is tested on a diverse set of test images that include both originally uncompressed and compressed images in the TIF and JPEG formats. Our experimental results have demonstrated that the proposed steganalyzers can reliably break YASS∗.
1. Introduction Steganography aims to hide the very presence of communication. That is to say, the essential goal of steganography is to conceal the presence of a hidden message. Similar to cryptanalysis, steganalysis attempts to defeat the goal of steganography. There are many techniques for stegaography. JPEG images are widely used in the internet and digital image processing area, and therefore they are an ideal target format for steganography. Jsteg [1] is probably the first steganographic tool to embed into JPEG images. In Jsteg embedding, the least significant bit of each selected quantised coefficients that describe the image data in the frequency domain is ∗
This work was supported in part by SCOPE from Ministry of Internal Affairs and Communications, Japan
978-1-4244-2175-6/08/$25.00 ©2008 IEEE
replaced by a bit from the secret message. This simple method can be reliably detected [6] and even the secret message length can be estimated [7]. F5 [2] is proposed to prevent this kind of attack, which adapts the least significant bits to the message by decreasing the coefficients’ absolute values. OutGuess [3] also replaces the least significant bits, but additionally introduces correction bits to preserve the first order statistics. Both OutGuess and F5 are not vulnerable to the Chi-square attack [6] and histogram related attack [7], but they can be detected by computing calibrated statistics. Uncompressing a JPEG image and recompressing it after a slight transformation in the spatial domain accomplishes this. A comparison of marginal statistics of the examined image and the recompressed image, reveals the existence of a hidden message [8, 9]. Model-based steganography [4] tries to preserve histograms of individual AC DCT (Discrete Cosine Transform) models. However it is hard to find an accurate statistical model to fit the DCT histograms. In [4], the Cauchy distribute is used to model the DCT histograms. Although the model fits well to histograms, there are outlier bins in natural images. After embedding, these non-conforming bins are adjusted to the density function of the model distribution [10], which is utilized for the detection of model based steganography. The above mentioned steganalysis methods are all specific attacks, which are constructed for particular embedding functions. There also exist blind attacks [11-13], which do not assume knowledge about the functionality of particular algorithms. Blind methods extract statistical features, which might be subject to changes due to embedding. Then, a classifier is trained to distinguish between the cover and stego-images. Most existing steganographic methods are designed for specific attacks. YASS (Yet another steganographic scheme) is the newest JPEG steganographic method [5]. It has been shown that the embedded data by
YASS is undetectable using current best blind steganalysis classifiers with payload of approximately 0.05 bits per non-zero DCT coefficient. This paper presents a steganalysis method of YASS. In the next section, we give a description of the YASS algorithm as introduced in [5]. Then, in Sect. 3, we describe an attack on YASS, and give an example of experimental results in Sect. 4. The paper is concluded in Sect. 5, where we also outline our future research.
2. The YASS algorithm YASS is proposed to resist blind steganalysis. It has drawn extensive attention in the field of steganography and steganalysis. The main steps of YASS are shown as follows. (1) Divide the image (originally raw or compressed images) into blocks of size B × B, where B, which is called big block size, is always greater than 8, the size of a JPEG block. (2) For each block, pseudorandomly select an 8×8 sub-block in which to hide data. For every 8×8 block thus chosen, compute its 2D DCT and divide it by a JPEG quantization matrix at a design quality factor QFa. Then data is hidden in a predetermined band of low frequency AC coefficients using quantization index modulation. (3) After data embedding, de-quantize the 8×8 DCT coefficient block which contains the hidden secret message by a multiplication of the design quality factor QFh and perform the inverse 2D DCT on it. The obtained 8×8 block with secret information is placed to its original place of the original image. (4) Steps 2 and 3 are repeated until all the secret messages are hidden. Then the processed image is compressed with an advertised image quality factor QFh, which is usually no less than QFa. A JPEG stego image is obtained at last. According to [5], it is reported that the detection rates of recent blind steganalysis methods are close to random guessing. The steganalysis methods tested in [5] can be classified into 2 groups: calibration based methods [11] and noise model based methods [12, 13]. For calibration based methods, through embedding data in the randomized 8×8 blocks which do not coincide with the 8×8 grid used in JPEG compression, YASS effectively resist the detection of these methods. The superior performance has been reported in [5]. For noise model based methods, the embedding process is modeled as the addition of noise in spatial domain [13] or DCT domain [12]. The process of YASS might modify the distribution of the JPEG coefficients, which can be modeled as noise addition process, but the subsequent JPEG compression at output quality factor
masks those changes. This is the reason why several current steganalysis methods [12,13] cannot detect the presence of embedded data using YASS. In the next section, we describe an attack on YASS. It is based on the idea that YASS disturbs the pixels and DCT coefficients dependency. We can construct features of this kind of dependency and train a classifier to detect the presence of hidden message.
3. Description of the attack We divided our attack on YASS into two separate parts: (1) Extracting distinguishing statistical features that correlate with the pixels and DCT coefficients dependency, and (2) Training a classifier to discriminate the stego-images from cover images. We first discuss feature extraction. The effect of step (2) and (3) of YASS embedding process is very similar to the effect of low pass filtering. Because only parts of the image blocks are utilized for data hiding, we call them the partial filtering processing. The step (4) is similar to that the whole image is applied to low pass filtering. So we call the step (4) full filtering processing. For stego-images, one round partial filtering processing and one (for originally raw images) or two rounds (for originally JPEG compressed images) full filtering processing have been applied to them. For cover images, only one round full filtering processing has been applied. The value of a pixel in stego-images, which is originally stored in uncompressed format, maybe changes once or twice after data hiding, while for original images, all pixels are filtered once. So the change model of a pixel value (or coefficient) is quite different between the stego-images and cover images. From the above analysis, we can find that it is not difficult to find quantities that changes with YASS embedding process. What is difficult, however, is finding the measurement of the changes to discriminate the stego-image from the cover image. In [16], the Markov feature set is used to model the differences between absolute values of neighboring DCT coefficients. The feature calculation starts by forming the matrix of absolute values of DCT coefficients in the image. Next, four difference arrays are calculated along four directions: horizontal, vertical, diagonal, and minor diagonal. From these difference arrays, four transition probability matrices are constructed. We also construct features based on differences. The differences are not only differences of DCT coefficients but also decompressed pixel values. We first define the difference image and difference coefficients as follows. I Dρ,θ (i, j ) = I (i, j ) − I (i + ρ cosθ , j + ρ sinθ ) (1)
DρC,θ (i, j) = C(i, j) − C(i + ρ cosθ , j + ρ sinθ ) (2) where
I C D ρ,θ is difference image, D ρ ,θ is difference
coefficients
ρ is
the distance between the neighbors,
θ is the direction, I(i, j) and C(i, j) denotes the gray scale value and the DCT coefficient of the image I at the position (i, j) respectively. We choose the following values for parameters ρ and θ in our experiments. Table1. Parameters ρ and θ 1 1 ρ θ ρ
0
θ
-1
2 π /4
5
2 -π / 4
5 -1
5 -1
-π / 2
5 -1
tan 5 -tan 5 tan 1/5 - tan 1/5 Based on these parameters, we can construct 16 difference arrays (8 for difference image, 8 for difference coefficients). From these difference arrays, 16 transition probability matrices can be obtained: I I M ρI ′,θ ′ (i, j ) = P{D ρ,θ (i, j ) = n | D ρ,θ (i ′, j ′) = m} (3) C C M ρC′,θ ′ (i, j ) = P{D ρ,θ (i, j ) = n | D ρ,θ (i ′, j ′) = m} (4)
M ρ ′,θ ′ is the transition probability matrix, i′ = i + ρ ′ cosθ ′, j′ = j + ρ ′ sin θ ′ and parameters ρ ′ and θ ′ take the values in Table 1.
where
Values in the difference arrays
D ρ,θ larger than 4
are set to 4 and values smaller than −4 are set to −4 prior to calculating M ρ ′,θ ′ . Thus, all matrices have the same dimensions 9 × 9. We used the average
M (i, j) =
(∑
ρ ′,θ ′
)
M ρ ′,θ ′ (i, j ) / 8
(5)
as discriminate features, so the number of features is 81 for difference image and 81 for difference coefficients. Because the YASS hides secret message randomly in chosen places, the inter-block dependencies of 8×8 blocks between DCT coefficients will also be disturbed. We construct another set of features to reflect the disturbance. We use the same values of θ , and 8 times of the value ρ shown in Table 1. Thus we get another set of features with dimension 81. Totally the dimension of features is 243. For the training of a classifier, in our work, we adopt the support vector machine (SVM) as the
classifier and the code is obtained from LibSVM [17]. The second order polynomial kernel is used.
4. Experimental Results Experimental results are given in this section to demonstrate the performance of our proposed method. At present, our image database comprises 2 sets. Set I: 1338 Uncompressed Images. This set is downloaded from UCID [14]. All the images in UCID are high resolution uncompressed digital TIFF files with the size 512×384 or 384×512. To preserve the original statistical structure, we use 3 colour components as 3 different gray level images directly. Totally we have 4014 images. Set II: 806 JPEG Images. This set is downloaded from Content-Based Image Retrieval Image Datbase [15]. All the images in this database are JPEG files with the all kinds of file sizes and from many sources. We also treat 3 colors channel as 3 different images. Totally we have 2418 images. In order to verify the proposed method, three classifiers are trained. The first one is trained based on uncompressed images (Set I). The second one is on compressed images (Set II), and the last is on the mixed images (Set I and Set II). In our experiments, the YASS code is originally downloaded from [5], but now maybe not available. The big blocks with the size 9, 10, 12, 14 are tested in our experiments and denoted by B9, B10, B12 and B14, respectively. The 19 lowest frequency DCT coefficients are used for data hiding. In the process of training each classifier, we randomly select half of images from the corresponding set. The remaining images are used to test the trained classifier. The results are shown in Table 2, where TN, TP represent the true negative rate and true positive rate, respectively, and AV the accuracy rate. It is observed from Table 2 that all of these 3 classifiers can reliably detect the presence of data hiding using YASS. From the detection results, we can draw some conclusions: 1). if the stego-imaeg is originally stored in the compressed form, it is much easier to be detected. The reason, which we think, is the double compression effect of the stego-image; 2). The detection rate increases as the big-block size B increases, but will decrease after B=10; 3). For the mixed image set, the detection accuracy is not high, but is better than random guessing.
B9
B10
B12
B14
Table 2. Detection results for different image sets, when the big-block size B is varied Uncompressed Images Compressed Images Mixed Images QFh/ QFa TN TP AV TN TP AV TN TP AV 50/50 81.35 72.19 76.77 83.47 80.95 82.21 73.25 69.57 71.41 50/75 93.04 95.88 94.46 94.74 96.79 95.77 81.17 79.52 80.35 75/75 71.53 72.62 72.08 73.41 75.37 74.39 62.48 61.58 62.03 50/50 78.48 82.67 80.58 80.37 83.17 81.77 67.36 73.73 70.55 50/75 95.79 96.83 96.31 96.27 97.97 97.12 81.92 85.27 83.60 75/75 76.09 77.51 76.80 77.51 79.85 78.68 66.84 67.33 67.09 50/50 69.15 73.58 71.37 71.45 76.68 74.07 57.46 62.44 59.95 50/75 89.19 92.93 91.06 91.36 94.06 92.71 80.01 79.97 79.99 75/75 63.43 64.58 64.01 65.13 66.79 65.96 57.29 53.47 55.38 50/50 63.15 62.76 62.96 63.15 62.76 62.96 52.81 53.83 53.32 50/75 78.29 81.45 79.87 77.43 83.28 80.36 67.22 69.93 68.58 75/75 61.82 59.17 60.5 59.67 58.82 59.25 51.44 50.04 50.74
5. Conclusions We have proposed a steganalysis method for YASS. Our method is based on difference image and difference coefficients. The transition probability matrix is utilized to extract features from difference image and difference coefficients arrays. Experimental results show it a reliable way to characterize the presence of YASS steganography statistically. Our work in the near future is to try to extract more features from difference image and difference coefficients arrays to improve performance further and perform more comprehensive tests to YASS and other steganographic methods.
References [1] http://zooid.org/~paul/crypto/jsteg/ [2] A. Westfeld. High capacity despite better steganalysis (F5-a steganographic algorithm). Information Hiding, 4th International Workshop, volume 2137 of Lecture Notes in Computer Science, pages 289-302, 2001. [3] N. Provos, Defending against statistical steganalysis, 10th USENIX Security Symposium, Washington DC, USA, 2001. [4] P. Sallee. Model based methods for steganography and steganalysis. Int. J. Image Graphics, 5(1): 167-190, 2005. [5] K. Solanki, A. Sarkar, and B. S. Manjunath, YASS: Yet another steganographic scheme that resists blind steganalysis. In Proceedings of 9th Information Hiding Workshop, Saint Malo, France, June 11-13, 2007 [6] A. Westfeld, A.Pfitzmann, Attacks on Steganographic Systems. In: Pfitzmann, A. (ed.): Information Hiding. Third InternationalWorkshop, LNCS 1768, SpringerVerlag, Berlin Heidelberg, pages 61–76, 2000 [7] X. Yu, Y. Wang, and T. Tan. On estimation of secret message length in JSteg-like steganography. In
Proceedings ICPR, Cambridge, UK, volume 4, pages 673–676, August 23–26, 2004. [8] J. Fridrich, M. Goljan, D. Hogea, Attacking the OutGuess. Proceedings of the ACM Workshop on Multimedia and Security, 2002 [9] J. Fridrich, M. Goljan, D. Hogea, Steganalysis of JPEG Images: Breaking the F5 Algorithm. In: Petitcolas, F.A.P. (ed.): Information Hiding. Fifth International Workshop, LNCS 2578, Springer-Verlag, pages 310–323, 2003 [10] R. Bohme and A. Westfeld, Breaking Cauchy modelbased JPEG. steganography with first order statistics”, ESORICS 2004, LNCS 3193,. pages 125-140, 2004 [11]T. Pevny, J. Fridrich, Merging Markov and DCT features for multi-class JPEG steganalysis. In: Proc. of SPIE, San Jose, CA, 2007 [12]C. Chen, Y.Q. Shi, W. Chen, G. Xuan, Statistical moments based universal steganalysis using JPEG-2D array and 2-D characteristic function. In: Proc. ICIP, Atlanta, GA, USA pages 105–108, 2006 [13]G. Xuan, Y.Q. Shi, J. Gao, D. Zou, C. Yang, C. Yang, Z. Zhang, P. Chai, C. Chen,, W. Chen, Steganalysis based on multiple features formed by statistical moments of wavelet characteristic functions. In: Lecture notes in computer science:7th International Workshop on Information Hiding, 2005 [14] UCID - Uncompressed Colour Image Database, http:// vision .cs. aston. ac.uk /datasets/UCID/ucid.html [15] Content-Based Image Retrieval Image Datbase, http:// www. cs. washington. edu/ research/ imagedatabase /groundtruth/_tars. for. download/ [16] Y. Q. Shi, C. Chen, and W. Chen. A Markov process based approach to effective attacking JPEGsteganography. In Proceedings of the 8-th Information Hiding Workshop, 2006. [17]C. –C. Chang and C. –J. Lin, LIBSVM: a library for supportvector machines, 2001
